commit python for openSUSE:Factory

h_root Fri, 30 Aug 2013 02:49:06 -0700

Hello community,

here is the log from the commit of package python for openSUSE:Factory checked 
in at 2013-08-30 11:47:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python (Old)
 and      /work/SRC/openSUSE:Factory/.python.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "python"

Changes:
--------
python-doc.changes: same change
--- /work/SRC/openSUSE:Factory/python/python.changes    2013-08-21 
13:46:18.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.python.new/python.changes       2013-08-30 
11:47:53.000000000 +0200
@@ -1,0 +2,6 @@
+Mon Aug 26 13:55:35 UTC 2013 - lnus...@suse.de
+
+- update python-2.7.3-ssl_ca_path.patch patch to load default verify locations
+  if no ca_certs file is specified (bnc#827982, bnc#836739)
+
+-------------------------------------------------------------------
@@ -5 +11 @@
-  (CVE-2013-4073, bnc#834601)
+  (CVE-2013-4238, bnc#834601)

Old:
----
  CVE-2013-4073_py27.patch

New:
----
  CVE-2013-4238_py27.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-base.spec ++++++
--- /var/tmp/diff_new_pack.cHLXNL/_old  2013-08-30 11:47:54.000000000 +0200
+++ /var/tmp/diff_new_pack.cHLXNL/_new  2013-08-30 11:47:54.000000000 +0200
@@ -50,7 +50,7 @@
 Patch22:        python-2.7.4-aarch64.patch
 Patch23:        python-2.7.4-no-REUSEPORT.patch
 Patch24:        python-bsddb6.diff
-Patch25:        CVE-2013-4073_py27.patch
+Patch25:        CVE-2013-4238_py27.patch
 # COMMON-PATCH-END
 %define         python_version    %(echo %{tarversion} | head -c 3)
 BuildRequires:  automake

++++++ python-doc.spec ++++++
--- /var/tmp/diff_new_pack.cHLXNL/_old  2013-08-30 11:47:54.000000000 +0200
+++ /var/tmp/diff_new_pack.cHLXNL/_new  2013-08-30 11:47:54.000000000 +0200
@@ -56,7 +56,7 @@
 Patch22:        python-2.7.4-aarch64.patch
 Patch23:        python-2.7.4-no-REUSEPORT.patch
 Patch24:        python-bsddb6.diff
-Patch25:        CVE-2013-4073_py27.patch
+Patch25:        CVE-2013-4238_py27.patch
 # COMMON-PATCH-END
 Provides:       pyth_doc
 Provides:       pyth_ps

++++++ python.spec ++++++
--- /var/tmp/diff_new_pack.cHLXNL/_old  2013-08-30 11:47:54.000000000 +0200
+++ /var/tmp/diff_new_pack.cHLXNL/_new  2013-08-30 11:47:54.000000000 +0200
@@ -56,7 +56,7 @@
 Patch22:        python-2.7.4-aarch64.patch
 Patch23:        python-2.7.4-no-REUSEPORT.patch
 Patch24:        python-bsddb6.diff
-Patch25:        CVE-2013-4073_py27.patch
+Patch25:        CVE-2013-4238_py27.patch
 # COMMON-PATCH-END
 BuildRequires:  automake
 BuildRequires:  db-devel

++++++ CVE-2013-4073_py27.patch -> CVE-2013-4238_py27.patch ++++++

++++++ python-2.7.3-ssl_ca_path.patch ++++++
--- /var/tmp/diff_new_pack.cHLXNL/_old  2013-08-30 11:47:54.000000000 +0200
+++ /var/tmp/diff_new_pack.cHLXNL/_new  2013-08-30 11:47:54.000000000 +0200
@@ -1,6 +1,8 @@
---- a/Modules/_ssl.c
-+++ b/Modules/_ssl.c
-@@ -271,6 +271,7 @@
+Index: Python-2.7.5/Modules/_ssl.c
+===================================================================
+--- Python-2.7.5.orig/Modules/_ssl.c
++++ Python-2.7.5/Modules/_ssl.c
+@@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock,
      char *errstr = NULL;
      int ret;
      int verification_mode;
@@ -8,15 +10,24 @@
  
      self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
      if (self == NULL)
-@@ -331,11 +332,23 @@
-                             "verification of other-side certificates.");
-             goto fail;
-         } else {
--            PySSL_BEGIN_ALLOW_THREADS
+@@ -327,20 +328,32 @@ newPySSLObject(PySocketSockObject *Sock,
+ 
+     if (certreq != PY_SSL_CERT_NONE) {
+         if (cacerts_file == NULL) {
+-            errstr = ERRSTR("No root certificates specified for "
+-                            "verification of other-side certificates.");
+-            goto fail;
+-        } else {
+             PySSL_BEGIN_ALLOW_THREADS
 -            ret = SSL_CTX_load_verify_locations(self->ctx,
 -                                                cacerts_file,
 -                                                NULL);
--            PySSL_END_ALLOW_THREADS
++            ret = SSL_CTX_set_default_verify_paths(self->ctx);
+             PySSL_END_ALLOW_THREADS
+-            if (ret != 1) {
+-                _setSSLError(NULL, 0, __FILE__, __LINE__);
+-                goto fail;
++        } else {
 +            /* If cacerts_file is a directory-based cert store, pass it as the
 +               third parameter, CApath, instead
 +            */
@@ -32,8 +43,13 @@
 +                                                    cacerts_file,
 +                                                    NULL);
 +                PySSL_END_ALLOW_THREADS
-+            }
+             }
+         }
 +
-             if (ret != 1) {
-                 _setSSLError(NULL, 0, __FILE__, __LINE__);
-                 goto fail;
++        if (ret != 1) {
++            _setSSLError(NULL, 0, __FILE__, __LINE__);
++            goto fail;
++        }
+     }
+     if (key_file) {
+         PySSL_BEGIN_ALLOW_THREADS

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit python for openSUSE:Factory

Reply via email to